Changing password after lockout doesn't reset failed attempts count

[jobannon]

Reset Failed Login Count During Given Time Period When Password Reset

Problem

• Set up a user action to prevent login.
• Setup failed login configuration on the tenant with N login attempts during X time
• Lockout a user
• Expect that after a user resets their password after lockout, they will a refreshed N login attempts in a new X time frame
• Actually, the user will still be locked for the time duration on the tenant after password is updated

Also, per a forum user, a variation of this behavior

What we find is that if we create and then delete the lockout action and then the user tries to login again the account is locked after a single failed login attempt. We're expecting that after the lockout action is removed that the user has another number of failed login attempts to go through before a lockout again.

Solution

Expect that after a user resets their password after a lockout, they will a refreshed N login attempts as configured on the tenant

Alternatives/workarounds

None, not a "blocking" behavior.

Additional context

Forum post
https://fusionauth.io/community/forum/topic/1252/changing-password-after-lockout-doesn-t-reset-failed-attempts-count

Related

• Allow a user to unlock their account from failed login attempts if they go through the forgot password process #383

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

[robotdan]

Going to deliver this via #383.

[JoshTheHero]

Seems to be happening in 1.53.2, I can reproduce after it being reported from a customer. Not sure if we should reopen this issue or make a new one.